From 4852502ee37c85ac848ff04bad9befa3cd888818 Mon Sep 17 00:00:00 2001 From: Punya Biswal Date: Sat, 11 Dec 2021 17:11:41 -0500 Subject: [PATCH] Update and weaken Log4J2 dependency (#2085) * Use the more recent 2.15.0 as baseline * For the published package, express a provided dependency rather than actually pulling in Log4J2 ourselves --- build.gradle | 2 +- contrib/log_correlation/log4j2/build.gradle | 7 ++++--- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/build.gradle b/build.gradle index fc998dacf2..68fde6694c 100644 --- a/build.gradle +++ b/build.gradle @@ -166,7 +166,7 @@ subprojects { googleAuthVersion = '0.20.0' googleCloudBetaVersion = '0.100.0-beta' googleCloudGaVersion = '1.82.0' - log4j2Version = '2.11.1' + log4j2Version = '2.15.0' signalfxVersion = '0.0.48' springBoot2Version = '2.1.5.RELEASE' springBootVersion = '1.5.15.RELEASE' diff --git a/contrib/log_correlation/log4j2/build.gradle b/contrib/log_correlation/log4j2/build.gradle index 1e65b8da1a..dc8d0806f3 100644 --- a/contrib/log_correlation/log4j2/build.gradle +++ b/contrib/log_correlation/log4j2/build.gradle @@ -3,10 +3,11 @@ description = 'OpenCensus Log4j 2 Log Correlation' apply plugin: 'java' dependencies { - compile project(':opencensus-api'), - libraries.log4j2 + compile project(':opencensus-api') + compileOnly libraries.log4j2 - testCompile libraries.guava + testCompile libraries.guava, + libraries.log4j2 signature "org.codehaus.mojo.signature:java16:+@signature" }